Friday, January 13, 2017

Building an IBM QRadar Console in AWS (For version 7.2.7)

1. Configure a key pair on AWS.
2. Create an Amazon EC2 instance that meets the following requirements:
   - Image = RHEL-6.7_HVM_Beta-20150430-x86_64-1-Hourly2-GP2, found in Community AMIs
   - Instance type = m4.2xlarge
   - Storage = Three disks:
     - 1 x 250 GB volume
     - 2 x 200 GB volumes
   - Security Group = Your IP addresses from the list, with ports 22 and 443 open.
   - Create an elastic IP

The AWS instance key is required to log in to the instance with SSH.

XFS is not supported on the Red Hat Enterprise Linux (RHEL) v6.7 loads that are provided by AWS. Use ext4.

Important: High availability (HA) is not supported on AWS QRadar installations.

    sed -i -e "s/plugins=1/plugins=0/" /etc/yum.conf

16. To start the setup program, type the following command:

    /media/cdrom/setup

17. Type Y when prompted to accept an installation on unsupported hardware.
18. Follow the prompts and complete the QRadar installation wizard.
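A check for the security group requirement in step 2, as an added example that is not part of the original post or IBM's documentation: it reads one group from `aws ec2 describe-security-groups` JSON output and reports anything beyond TCP 22 and 443 from your own addresses. The sample group, the `sg-EXAMPLE` id, the 203.0.113.0/24 admin range and the function name are constructed for illustration.

```python
import ipaddress

REQUIRED_PORTS = {22, 443}  # the only ports the build steps above open

def audit_security_group(sg, allowed_cidrs):
    """Return findings for one group from describe-security-groups output."""
    allowed = [ipaddress.ip_network(c) for c in allowed_cidrs]
    findings = []
    for perm in sg.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # Protocol "-1" (all traffic) carries no port fields: treat as all ports.
        lo, hi = perm.get("FromPort", 0), perm.get("ToPort", 65535)
        label = f"{lo}-{hi}/{proto}"
        if proto != "tcp" or not set(range(lo, hi + 1)) <= REQUIRED_PORTS:
            findings.append(f"{label}: more than tcp/22 and tcp/443 is open")
        if perm.get("UserIdGroupPairs"):
            findings.append(f"{label}: source is another security group, review it")
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr, strict=False)
            if net.prefixlen == 0:
                findings.append(f"{label}: open to the whole internet ({cidr})")
            elif not any(net.version == a.version and net.subnet_of(a)
                         for a in allowed):
                findings.append(f"{label}: source {cidr} is not on the allow list")
    return findings

# Constructed sample shaped like `aws ec2 describe-security-groups` output.
SAMPLE_SG = {
    "GroupId": "sg-EXAMPLE",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
        {"IpProtocol": "tcp", "FromPort": 8000, "ToPort": 8100,
         "IpRanges": [{"CidrIp": "203.0.113.0/24"}]},
    ],
}
ADMIN_CIDRS = ["203.0.113.0/24"]  # assumed admin range (documentation prefix)

if __name__ == "__main__":
    for finding in audit_security_group(SAMPLE_SG, ADMIN_CIDRS):
        print(finding)
```

An empty result means the group matches the requirement: only TCP 22 and 443, and only from the addresses you listed.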

Restore a Configuration to the AWS Built IBM QRadar Console (The IP address is different)

1. Ensure the version and patch level are the same.
2. Take an On Demand Backup on the original Console.
3. Using SCP, copy the configuration backup file to /store/backupHost/inbound of the new Console.
4. Ensure the hostname on the AWS Console is the same as the original by using qchange_netsetup.
5. Log in to the AWS QRadar Console as an administrator.
6. Click the Admin tab and select the Backup and Recovery icon.
7. Select the configuration backup you copied to the Console and click Restore.
8. From the restore options list, select the Select All Configuration Items check box.
9. From the restore options list, select the Select All Data Items check box.
10. Click Restore to start the configuration restore process.
11. From the Admin tab, click the Deploy Changes icon.
12. Verify that event or flow sources that were reporting to the original host are being processed in the QRadar user interface.

17 comments:

Hi, Thanks for such a nice document. But I have a query. I was going through the 7.2.8 QRadar install guide and saw this prerequisite for AWS EC2 instance. Do we need to use the same M4 instance for all QRadar installation types, i.e. Console, EP etc.? As per my information, EP instance will require higher vCPU as compared to Console. Could you please help me here?

Thank you so much for sharing this worth able content with us. The concept taken here will be useful for my future programs and I will surely implement them in my study. Keep blogging articles like this.


